Response

For non-discoverable flow, a successful FIDO2_0 response (accompanied by a 200 OK) will look similar to the following:

{
  "Response": {
    "challenge": "k1YeYZZ6HDmg3ruKinb2SQ",
    "rpId": "strongkey.com",
    "allowCredentials": [{
      "type": "public-key",
      "id": "WBQ0-B9MOEC2LwUn4Vi2K5uA_iDhg3oj7ZJiWG9A5ViFQO6yW1xtf9RGPX-f-Zx3BuS0xavJRey8mJuazZDOAGTnWc3JGH7UGTQzrcwhgizmDJ4t1MrLLjAYQrp64ML_LS9bpWe6_iaAhNHJTDhbeJcgB-Dfigu22xRfSdWbDNacloqveMoSUXuXO8ogJA0AWSq9nxL9MjI7YYV7Z3KOtg36JBe8crPuleQ5Ru_0L30",
      "alg": -7
    },
    {
      "type": "public-key",
      "id": "CDuwefbNapAlvyLDnDqe2N8bj7TzapfvxfmUAXDz30LS-JU2kNxxht0LUJFLcFxp7i6r7zBwVwzEaDVprZKzMQ5MQgacjyQZPof_T2Uoeefg8efbTM4aEXYfzeVSEUUAMz7DonqrHvGBaQKVs_NWElrsj-uwZsO8sIsrR1rs_LQwQBokFLbZ6WGNac6v1fDn9x8XfLjHx7bkMQVzCTbwsFW4TZBMMga-qshiEtObLkc",
      "alg": -7
    }]
  },
  "responseCode":"FIDO-MSG-0006",
  "skfsVersion":"4.12.0",
  "skfsFQDN":"example.strongkey.com",
  "TXID":"1-169-1679354369053"
}

For a discoverable flow, a successful FIDO2_0 response (accompanied by a 200 OK) will look similar to the following:

 {
  "Response": {
    "challenge": "nd54MgbnS0RkFZhBgwQtGg",
    "allowCredentials": [],
    "rpId": "strongkey.com"
  },
  "responseCode": "FIDO-MSG-0006"
}

Response Description

Value	Explanation
challenge	This attribute contains the name assigned by the web application to the name of the Relying Party (RP)—the company or application with which the user is interacting.
rpid	This attribute contains the RFC-6525 origin that represents the RP’s DNS domain. Only credentials registered to this rpid will qualify for providing an authentication assertion—the digital signature of the challenge—thus providing proof of authentication

allowCredentials Description

Value	Explanation
type	This attribute indicates the type of credential from which the RP requires an assertion – the value is always “public-key” for FIDO/WebAuthn
id	This attribute contains the unique identifier – credentialId - assigned by FIDO Authenticator to the user’s registered credential
alg	This attribute contains a numerical value, which describes the Public Key algorithm from the set of COSE Algorithms the SKFS will accept for generated keys. In the example shown, the algorithm number corresponds to the following: -7: ES256 or ECDSA with SHA-256 message digests

Value

Explanation

type

This attribute indicates the type of credential from which the RP requires an assertion – the value is always “public-key” for FIDO/WebAuthn

This attribute contains the unique identifier – credentialId - assigned by FIDO Authenticator to the user’s registered credential

alg

This attribute contains a numerical value, which describes the Public Key algorithm from the set of COSE Algorithms the SKFS will accept for generated keys. In the example shown, the algorithm number corresponds to the following:

-7: ES256 or ECDSA with SHA-256 message digests